Question about CONFIDENTIAL and INTEGRAL transport-guarantee

Tyler Wright

Ranch Hand

Posts: 40

posted 7 years ago

Hi folks,

Below is the content of a question on one of the mock exams I have been taking:

Select all that are true:
A. Confidentiality can be defined as information is not made available or
disclosed to unauthorized persons or processes
B. The use of JSP pages ensures data confidentiality by default
C. Confidentiality can be ensured by the use of the SSL protocol
D. Confidentiality can be ensured by the use of the SHTTP protocol
E. Data integrity means that data is unchanged from its source and has
not been accidentally or maliciously modified

I answered: A, C, D, and E; however, the exam claims that the correct answers are only C and E.

My reasoning for the wrong answer is:
A: Confidentiality means the data is encrypted; therefore, even if intercepted, it could not be "disclosed to
unauthorised persons or processes".
D: SHTTP is http over SSL.

Is my reasoning flawed or is the exam wrong?

Thanks in advance,

SCJP SCJD

Aarti Malhotra

Greenhorn

Posts: 14

posted 7 years ago

A, C and E seem to be the correct answers amongst the options.

Aarti Malhotra
SCJP 5.0, SCWCD 5.0

Ulf Dittmer

Rancher

Posts: 42969

posted 7 years ago

SHTTP is http over SSL.

HTTPS is HTTP over SSL. There was a protocol named SHTTP for much the same purpose, but it died more than 10 years ago.

Chinmaya Chowdary

Ranch Hand

Posts: 434

posted 7 years ago

Hi, Tyler.

A: Confidentiality means the data is encrypted; therefore, even if intercepted, it could not be "disclosed to
unauthorised persons or processes".

The hackers can get the encrypted information; they may not be able to decrypt it (if the most powerful cryptographic algorithms are used), but they can see the packet headers and can find out which servers the most frequent packets are going to. They can find the busiest servers in the network. They can identify the vulnerable points in the network. They can act upon those points and do the maximum possible damage.

vani venkat

Ranch Hand

Posts: 142

posted 7 years ago

I also chose option A:

Confidentiality means not allowing others to see things like credit card numbers, etc.
Integrity is not allowing others to change or tamper with the request on its way.